From: Arturo Borrero <aborrero@cica.es>
To: Pablo Neira Ayuso <pablo@netfilter.org>
Cc: Jan Engelhardt <jengelh@inai.de>, netfilter@vger.kernel.org
Subject: Re: Conntrackd issue with bonding
Date: Tue, 14 Aug 2012 09:54:12 +0200 [thread overview]
Message-ID: <502A0424.5020505@cica.es> (raw)
In-Reply-To: <20120813180106.GA23002@1984>
[-- Attachment #1: Type: text/plain, Size: 4202 bytes --]
On 13/08/12 20:01, Pablo Neira Ayuso wrote:
> On Mon, Aug 13, 2012 at 12:35:21PM +0200, Jan Engelhardt wrote:
>> On Monday 2012-08-13 11:46, Pablo Neira Ayuso wrote:
>>> Please, git pull again, run make check, run the test and send me the
>>> results.
>> The problem is that nlif_receive is only called once by nlif_catch,
>> and ignores RTM_F_MULTI, therefore missing most interfaces.
> Thanks Jan. That was indeed the problem.
>
> I have committed the fix for this issue:
>
> http://git.netfilter.org/cgi-bin/gitweb.cgi?p=libnfnetlink.git;a=commit;h=8b15e485c0d5f4a1e56b2148a34995ed1fa9e95b
>
> @Arturo: Please, install a fresh working copy of libnfnetlink and let
> me know if the problem persists.
>
> Before that, check that ./iftest bond1 displays valid device
> information.
Here is iftest with new git code:
root@debian:~/git/libnfnetlink/utils# ./iftest bond0
index (12) is bond0 (RUNNING) (UP)
root@debian:~/git/libnfnetlink/utils# ./iftest bond1
index (13) is bond1 (RUNNING) (UP)
root@debian:~/git/libnfnetlink/utils# ./iftest eth8
index (10) is eth8 (RUNNING) (UP)
root@debian:~/git/libnfnetlink/utils# ./iftest eth0
index (7) is eth0 (NOT RUNNING) (UP)
root@debian:~/git/libnfnetlink/utils# ip link show bond0
12: bond0: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc
noqueue state UP mode DEFAULT
link/ether xx:ff:30 brd ff:ff:ff:ff:ff:ff
root@debian:~/git/libnfnetlink/utils# ip link show bond1
13: bond1: <BROADCAST,MULTICAST,MASTER,UP,LOWER_UP> mtu 1500 qdisc
noqueue state UP mode DEFAULT
link/ether xx:f0:20 brd ff:ff:ff:ff:ff:ff
root@debian:~/git/libnfnetlink/utils# ip link show eth8
10: eth8: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast
state UP mode DEFAULT qlen 1000
link/ether xx:b8:f8 brd ff:ff:ff:ff:ff:ff
root@debian:~/git/libnfnetlink/utils# ip link show eth0
7: eth0: <NO-CARRIER,BROADCAST,MULTICAST,SLAVE,UP> mtu 1500 qdisc mq
master bond0 state DOWN mode DEFAULT qlen 1000
link/ether xx:ff:30 brd ff:ff:ff:ff:ff:ff
And using the new libnfnetlink:
root@debian:~/git/libnfnetlink# mv /usr/lib/libnfnetlink.so.0
/usr/lib/libnfnetlink.so.0.backup
root@debian:~/git/libnfnetlink# ln -s /usr/local/lib/libnfnetlink.so.0
/usr/lib/libnfnetlink.so.0
root@debian:~/git/libnfnetlink# tailf /var/log/conntrackd.log &
[1] 13423
root@debian:~/git/libnfnetlink# conntrackd -d
[Tue Aug 14 09:44:55 2012] (pid=13425) [notice] using user-space event
filtering
[Tue Aug 14 09:44:55 2012] (pid=13425) [notice] netlink event socket
buffer size has been set to 262142 bytes
[Tue Aug 14 09:44:55 2012] (pid=13425) [notice] initialization completed
[Tue Aug 14 09:44:55 2012] (pid=13428) [notice] -- starting in daemon
mode --
root@debian:~/git/libnfnetlink# conntrackd -s
cache internal:
current active connections: 2
connections created: 2 failed: 0
connections updated: 0 failed: 0
connections destroyed: 0 failed: 0
cache external:
current active connections: 0
connections created: 0 failed: 0
connections updated: 0 failed: 0
connections destroyed: 0 failed: 0
traffic processed:
0 Bytes 0 Pckts
multicast traffic (active device=eth8):
1296 Bytes sent 0 Bytes recv
18 Pckts sent 0 Pckts recv
0 Error send 0 Error recv
message tracking:
0 Malformed msgs 0 Lost msgs
It seems fine. I will do more tests.
I will contact Debian, so they update the package and it's easy for us
to use the new version.
--
Arturo Borrero González
Departamento de Seguridad Informática
Centro Informático Científico de Andalucía (CICA)
Avda. Reina Mercedes s/n - 41012 - Sevilla (Spain)
Tfno.: +34 955 056 600 / FAX: +34 955 056 650
Consejería de Economía, Innovación, Ciencia y Empleo
Junta de Andalucía
[-- Attachment #2: S/MIME Cryptographic Signature --]
[-- Type: application/pkcs7-signature, Size: 4238 bytes --]
next prev parent reply other threads:[~2012-08-14 7:54 UTC|newest]
Thread overview: 10+ messages / expand[flat|nested] mbox.gz Atom feed top
2012-08-10 7:09 Conntrackd issue with bonding Arturo Borrero
2012-08-10 9:19 ` Pablo Neira Ayuso
2012-08-10 10:02 ` Arturo Borrero
2012-08-12 19:05 ` Pablo Neira Ayuso
2012-08-13 7:14 ` Arturo Borrero
2012-08-13 9:46 ` Pablo Neira Ayuso
2012-08-13 10:35 ` Jan Engelhardt
2012-08-13 18:01 ` Pablo Neira Ayuso
2012-08-14 7:54 ` Arturo Borrero [this message]
2012-08-13 12:00 ` Arturo Borrero
Reply instructions:
You may reply publicly to this message via plain-text email
using any one of the following methods:
* Save the following mbox file, import it into your mail client,
and reply-to-all from there: mbox
Avoid top-posting and favor interleaved quoting:
https://en.wikipedia.org/wiki/Posting_style#Interleaved_style
* Reply using the --to, --cc, and --in-reply-to
switches of git-send-email(1):
git send-email \
--in-reply-to=502A0424.5020505@cica.es \
--to=aborrero@cica.es \
--cc=jengelh@inai.de \
--cc=netfilter@vger.kernel.org \
--cc=pablo@netfilter.org \
/path/to/YOUR_REPLY
https://kernel.org/pub/software/scm/git/docs/git-send-email.html
* If your mail client supports setting the In-Reply-To header
via mailto: links, try the mailto: link
Be sure your reply has a Subject: header at the top and a blank line
before the message body.
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox;
as well as URLs for NNTP newsgroup(s).